Vehicle-to-infrastructure (V2X) technology is still in the testing and demonstration phases, but it’s already apparent that security is essential to the success of such systems. Back-end infrastructure security considerations are crucial to future developments.

Markus Bauer of BMW’s Active Concepts and Integrated Safety division notes that the privacy aspect of a secure V2X system is particularly important because the US Department of Transportation (DOT) is currently considering deploying V2X as a mandate. “In Europe, they’re not thinking of a mandated system at the moment, so people will opt in,” Bauer says. Users may “not be asked in the US.”

Andre Weimerskirsch, CEO and president of Escrypt, the embedded security firm that created the CAMP security framework, says a common fear about V2X is the idea of rogue messages taking control of cars—even though V2X is a long way from having that capacity. “All the safety apps today are only intended to be a warning or notification. It prepares the driver to react and do the right thing.”

The connectivity question

The first layer of V2X communication involves the vehicle-to-vehicle (V2V) aspect of the system. In the last few years, IEEE standard 1609 has been developed to manage Wireless Access in Vehicular Environments (WAVE). An SAE standard developed specifically for V2X now defines message content format. Just as laptop computers use WiFi that’s based on an IEEE standard (usually 802.11g or b), 802.11p will be used in cars for dedicated short-range communication (DSRC).

The second component is the V2X system, which could use DSRC technology or cellular network connections. Alternatively, OEMs already offering a connected service, such as OnStar or Sync, might opt to use that connection for V2X capability. It is not clear what the route will be.

Who will invest first?

Many automakers are biding their time, waiting to see if the US government or some private organization will establish a set of roadside V2X communication units. Doing so will take a lot of money, and OEMs will want to be sure their cars are appropriately equipped to use whatever is put in place.

Precisely because of the tremendous cost of infrastructure, the US NHTSA has asked the auto industry to examine ways in which a V2X security system could be operated without infrastructure.

Every time we log on [to the Internet] with a laptop, we go through a security process. So load new vehicles with a year’s worth of security certificates, which could be replenished and updated via the dealer.

In most cases, car companies favour a roadside infrastructure-based security system. But because governments are already struggling with budgets, it’s not likely that they will find the money to create widespread roadside DSRC infrastructure anytime soon.

Using cellular network connectivity is another possibility, but nobody wants to force people to have a cellular subscription to take advantage of safety equipment on their vehicles.

Communication security

Just as creating communication links among moving objects requires special technology standards, making sure V2X remains a secure feature throughout the life of the vehicle requires some ingenuity.

Where onboard systems are concerned the V2X-enabling mechanism may be enclosed within the vehicle’s theft-protection system. If it’s removed from the vehicle, it will stop working.

This not only ensures that the system retrieves accurate information from sensors, but also prevents someone from taking the unit, connecting it to another computer, and using it to tamper with the V2X network.

This close integration with the vehicle’s systems may make it a challenge for aftermarket V2X system devices to work well, at least initially.

Privacy considerations

What does change are privacy considerations. A vehicle with a certain set of apps might provide a sort of identifier of the driver.

In Europe, the level of privacy offered by a particular V2X-enabled vehicle will likely be decided by carmakers. In the US, the government may decide it—if the mandate is enacted. In that case, “if you buy a car, it will just be in there. There will have to be protections for people who want their privacy.”

This means that no identifiers would be included in data transmission. If two messages are sent from the same vehicle, they should not be linked in any way, so there’s no possibility of tracking patterns or using the data to discern the location of a particular vehicle.